Security Challenges in NoSQL and Their Control Methods

  • Mahiraj Parmar
  • Rejo Mathew
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 49)


NoSQL databases have become popular due to their scalability and the ease of implementing JSON (JavaScript Object Notation). This document analyzes the maturity of NoSQL safety policies compared with those of SQL databases, addressing the new access and query mechanisms. It analyzes the attacks and vulnerabilities and describes the methodologies to mitigate them. It states how this newly developed technology is lacking in security and awareness, which was an issue over the years in SQL systems.


NoSQL, NoSQL injection, MongoDB, Cassandra, Redis, NoSQL attacks, NoSQL solutions



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. I.T. Department, Mukesh Patel School of Technology Management and Engineering, Mumbai, India
